!!!!!!!!!!!!!!!!!!!!!!

Size: px
Start display at page:

Download "!!!!!!!!!!!!!!!!!!!!!!"

Transcription

1 Infrastructure Security Assessment Methodology January 2014 RSPS01 Version 2.1 RandomStorm - Security Assessment Methodology - RSPS01 Version Page 1

2 Document Details Any enquires relating to this document should be addressed to the document author directly. Reference RSPS01 Version 2.1 Original Release January 2014 Last Updated January 2014 Author Gavin Watson RandomStorm - Security Assessment Methodology - RSPS01 Version Page 2

3 i Table of Contents Introduction 4 Document Purpose 4 Document Structure 4 Security Testing 5 External Testing 5 Internal Testing 5 Black Box Testing 5 White Box Testing 6 Review Testing 6 Testing Methodology 7 High Level Overview 7 Initial Scoping 8 Reconnaissance 8 Network Traffic Analysis 8 Port/Service Discovery 9 Assessment 9 Automated Vulnerability Assessment 9 Manual Confirmation / Exploitation of Infrastructure Vulnerabilities 9 Manual Confirmation / Exploitation of Web Application Vulnerabilities 10 Brute-force / Wordlist Attacks 10 Post Exploitation Techniques 10 Operating System/Service Version NVD Cross-Reference 11 Reporting 11 Presentation 11 Appendix A - About RandomStorm 12 Appendix B - Professional Services 13 Penetration Testing Team 13 Compliance Team 13 Web Application Testing Team 13 PCI ASV Team 13 Appendix C - Safe Checks 14 RandomStorm - Security Assessment Methodology - RSPS01 Version Page 3

4 i Introduction Document Purpose RandomStorm adopt a proven information security assessment methodology based on industry recognised guidelines including the NIST Special Publication and the Open Source Security Testing Methodology Manual (OSSTMM). This methodology is followed by all consultants on all infrastructure security assessments, ensuring that a thorough and accurate assessment is performed. In addition, the use of a formal methodology helps to maintain consistency among the various assessments performed by different consultants. The purpose of this document is to provide a clear and concise explanation of the various components of RandomStorm s methodology. In each section the various tools used by the consultants will be listed along with any applicable NIST SP documentation references. Document Structure This document contains the following four sections: 1. Introduction 2. Security Testing This section explains the most common techniques used to perform infrastructure security assessments. 3. Testing Methodology This section covers the various components of the methodology in the order that they are performed. The most common tools used by the RandomStorm consultants are listed under the title, Associated Tools in each section. Where applicable NIST references will be provided which can be found under the title, 4. Appendix Documents This section includes appendix documents that contain additional information that readers may find useful. RandomStorm - Security Assessment Methodology - RSPS01 Version Page 4

5 i Security Testing External Testing An external infrastructure security assessment is usually performed from the assessor s office or data centre locations and targets the client s publicly facing network services. The assessment will identify software or configuration vulnerabilities associated with the target hosts. As these services are publicly available their security is a significant concern for the client. For example, should an attacker successfully compromise a service such as an external portal, then they may be able to launch effective social engineering spear phishing attacks. Similarly, a successful compromise of the client s external VPN service could result in full remote access to the internal network. External testing often involves a greater emphasis on publicly available information and how it could be leveraged against the target business. RandomStorm s consultants will gather key pieces of information such as (but not limited to) addresses, website unique words, associated social media information and document meta data author names. This information will be examined and used to perform a realistic simulation of an external attack. Typically, the external assessment is performed by a separate team and information is not shared with those performing the internal assessment. Internal Testing An internal security assessment is performed onsite at the client s location and the consultant will be directly connected to the corporate network. This assessment will identify software and configuration vulnerabilities associated with the servers, workstations and infrastructure devices that make up the client s internal network. As the consultant is directly connected to the network, the assessment is simulating an attacker having successfully gained access externally or attacks from internal threats such as disgruntled employees. Internal tests often yield significantly more results than external tests as a far greater number of hosts are within scope. Additionally, the live services hosted by internal servers are generally less restricted than those within an externally facing DMZ. Where external assessments focus of leveraging publicly available information against a handful of services, internal assessments focus on identifying the most significant vulnerabilities from a typically large scope. Black Box Testing During Black Box testing, the client will not provide any detailed information about the target systems beyond their IP addresses. This type of assessment is the most realistic simulation of a real world attack. As no information is provided, the initial reconnaissance stages take a greater precedence, establishing a foundation for the remainder of the test. Clients can request that an external assessment be performed without providing any target IP addresses. The consultants will be expected to perform passive online reconnaissance to identify any targets associated with the client. These targets will then be presented to the client who will then confirm which are to be fully tested. RandomStorm - Security Assessment Methodology - RSPS01 Version Page 5

6 White Box Testing During White Box testing, the client will provide RandomStorm with detailed information about the target systems. With a greater insight into the systems the consultant would be able to identify more vulnerabilities than in Black Box testing. Therefore, White Box testing can be considered more thorough but at the expense of a realistic test. Generally, a client will perform Black Box testing to identify the low hanging fruit, then perform White Box testing to identify the more subtle or theoretical security issues. Review Testing The information security assessment may include non-intrusive / passive testing techniques designed to gather information that may reveal additional security weakness. As these tests are passive they should not pose a significant threat to the network or services. Typically, these tests would include reviews of logs, system configurations, firewall rulesets and business documentation such as relevant procedures and policies. Documentation Review - NIST SP Log Review - NIST SP Ruleset Review - NIST SP System Configuration Review - NIST SP Network Sniffing - NIST SP File Integrity Checking - NIST SP RandomStorm - Security Assessment Methodology - RSPS01 Version Page 6

7 i Testing Methodology High Level Overview 1. IN ITI AL Testing Methodology 2. RECO NN A ISS A E NC EPORTING R. 4 ON TATI N E ES R P ING OP SC 5. RandomStorm s infrastructure security assessments follow a 5 step methodology as show in the diagram below. 3. ASSESSMEN T RandomStorm believe that these five steps are crucial in performing a thorough and accurate assessment, providing value for the client and ultimately improving the security of the target network. This methodology is cyclical in that the results of the assessment presented to the client, and provided as a report, feed back into the scope of additional tests. As security is a process rather than a solution, this methodology is designed to work along side the ongoing process. The 5 steps are broad categories and can generally be applied to multiple types of infrastructure assessment, regardless of whether it is internal, external or some other combination. RandomStorm - Security Assessment Methodology - RSPS01 Version Page 7

8 Initial Scoping The consultants work closely with the client to agree on a scope that meets the client s specific security requirements. This will typically involve meetings and / or conference calls to discuss the assessment drivers, the various technologies involved, the results of previous assessments, details of unstable hosts, location of critical business systems, assessment caveats, location of sensitive information and any other relevant details that could affect the test. Confirming a scope with the client at this stage is critical as any testing outside of the defined scope could breach the Computer Misuse Act 1990 as well as other information security relevant legislations. Prioritising and Scheduling Assessments - NIST SP Selecting and Customising Techniques - NIST SP Assessment Logistics - NIST SP Assessment Plan Development - NIST SP Legal Considerations - NIST SP Reconnaissance The consultants will attempt to gather as much information as possible about the target company and target hosts. For an external assessment this information may include DNS records, addresses, usernames, employee names, employee hierarchy, social media posts and website document metadata. The gathered information will be used to aid in attacks against remote administration services, web application login portals and any other attack vectors identified. When directly connected to a corporate network, reconnaissance may involve passively collecting network information for use in the assessment. 1. Network Traffic Analysis The visible network traffic is collected and analysed using packet capture tools. The aim of this test is to identify issues such as clear text credentials and unauthenticated routing information. Traffic analysis can also be used to partially map out network resources and identify security issues with traffic flow. Associated Tools Wireshark, dsniff, tpcdump, Cain & Abel The reconnaissance stage also focuses on active target identification which involves identifying live services, their version and information about the hosting device. This information lays the foundation for the vulnerability assessment, and the majority of this information is used to identify software associated vulnerabilities. RandomStorm - Security Assessment Methodology - RSPS01 Version Page 8

9 2. Port/Service Discovery One of the initial stages of any internal assessment is to identify live ports/services on the target hosts through automated port scanning. The remote operating system is fingerprinted and the service versions are identified. Associated Tools Nmap, Unicorn Scan, xprobe, SinFP and netcat Network Discovery - NIST SP Network Port and Service Identification - NIST SP Wireless Scanning - NIST SP Assessment After completion of the reconnaissance stage the gathered information is used as a basis for the vulnerability assessment, which provides security information to then conduct the full manual penetration test. The objective is to identify all possible vulnerabilities that could potentially lead to a compromise, and to provide a worst case scenario. Coordination - NIST SP Assessing - NIST SP Analysis - NIST SP Data Handling - NIST SP Automated Vulnerability Assessment The results of the initial vulnerability scans provide the foundations for the entire assessment. The automated tools will probe each live service and identify known vulnerabilities based on the results of version banner checks and vulnerability specific plugins. This is the most network intensive part of the assessment as multiple checks will be conducted simultaneously on multiple hosts. Associated Tools Nessus, OpenVas, Saint, Nexpose Vulnerability Scanning - NIST SP Manual Confirmation / Exploitation of Infrastructure Vulnerabilities The consultant will manually confirm the high level CVSS Score 7-10 vulnerabilities identified. This may involve using techniques such as (but not limited to) exploitation code, malformed queries and password attacks, depending on the vulnerability identified. The manual confirmation of vulnerabilities reduces the chances of false positives being RandomStorm - Security Assessment Methodology - RSPS01 Version Page 9

10 reported on. In addition, the compromise of target hosts provides a platform on which to identify additional issues (post-exploitation). Associated Tools Metasploit and Core Impact 3. Manual Confirmation / Exploitation of Web Application Vulnerabilities The automated scanning results will return low level Web application issues, considered the lowest hanging fruit. Therefore, a Web application specific assessment is performed to identify more complex vulnerabilities. As the consultant elevates their privileges and compromises additional services they will attempt to access more areas of the scope to achieve their main objective. Therefore, this stage of the assessment will also examine vulnerabilities associated with areas such as network segmentation and firewall restrictions. The consultant will attempt to identify security weaknesses in the infrastructure that may allow them to access restricted areas such as a cardholder data environment (CDE) in assessments driven by PCI DSS compliance. Associated Tools Burp Suite Professional, WebStorm, SQLMap, Nikto, WPScan, DNSRecon, DirBuster, theharvester, w3af, SSLScan and Nmap Penetration Testing - NIST SP Brute-force / Wordlist Attacks Any service that supports authentication will be assessed with either brute-force or wordlist attacks to identify weak passwords and other security issues. The most common services assessed are Telnet, SSH, FTP, SMB, LDAP, MSSQL and RDP. Associated Tools Hydra, Medusa, Burp and Metasploit Modules Password Cracking - NIST SP Post Exploitation Techniques Once targets have been compromised it is then possible to identify additional vulnerabilities. These will often include local administrator password reuse, the use of weak hashing methods such as LM, cached credentials and weak domain admin passwords. Associated Tools Tools used: Metasploit, Incognito, Mimikatz and fgdump RandomStorm - Security Assessment Methodology - RSPS01 Version Page 10

11 6. Operating System/Service Version NVD Cross-Reference The operating system and service versions found will be cross-referenced with the National Vulnerability Database to identify issues that the automated scanners may have missed. Any new vulnerabilities are confirmed when onsite to reduce the possibility of false positives. Reporting Once all of the assessment data has been collected, the next phase is to analyse this data and create the report documents. The main report will contain a management summary, list of prioritised security issues, and remediation advice. An appendix is also supplied containing all the security information gathered during the assessment. Mitigation Recommendations - NIST SP Reporting - NIST SP Remediation/Mitigation - NIST SP Presentation Once the full assessment report is created, it is uploaded to the secure document area of the RandomStorm Secure Customer Portal. At the customer s request any findings can be presented onsite by the consultants in the form of a presentation to the management and / or employees. RandomStorm - Security Assessment Methodology - RSPS01 Version Page 11

12 i Appendix A - About RandomStorm RandomStorm InfoSec & Compliance Specialists have years of experience helping a broad range of organisations address their IT and business security and related compliance issues. Our people typically hold CISSP, CEH, CCIE and CHECK qualifications and are members of the Institute of information security professionals. We offer bespoke services aimed at taking the pain out of managing security risks and meeting industry regulation; we specialise in implementing InfoSec improvement and compliance strategies; developing secure IT and business processes; and architecting secure IT infrastructure. RandomStorm s specialists have extensive experience of guiding companies of all sizes through the maze of compliance in areas such as FSA, ISO 27001, Sarbanes Oxley and PCI DSS compliance. RandomStorm are a CHECK Green Light company and employ a UK Security Cleared team of Penetration Testers that include CHECK Team Leaders and CHECK Team Members. RandomStorm are a PCI Approved Scanning Vendor and a PCI Qualified Security Assessor. RandomStorm - Security Assessment Methodology - RSPS01 Version Page 12

13 i Appendix B - Professional Services The following is a list of the professional services currently offered by the RandomStorm team. Penetration Testing Team Internal CHECK Security Assessment Internal PCI Security Assessment External Security Assessment Social Engineering Firewall Rule Review Server Build Review WiFi Security Assessment War Dialing Assessment VPN Security Assessment Citrix Security Assessment Training and Education VoIP Security Assessment Active Directory Security Review Compliance Team PCI DSS Gap Analysis PCI DSS Consultancy PCI DSS Assessments ISO/27001 Gap Analysis ISO/27001 Consultancy Physical Security Assessment Incident Response Polices and Procedures Creation Training and Education Web Application Testing Team Web Application Assessments Training and Education Code Review PCI ASV Team External PCI ASV Assessments RandomStorm - Security Assessment Methodology - RSPS01 Version Page 13

14 i Appendix C - Safe Checks All high level (exploitable) vulnerabilities will be securely reported to the client and onsite contact immediately on discovery The laptop used by the engineer will be fully screened for any malicious software that could pose a threat to the target network The automated scanners will have safe checks enabled, all Denial-Of-Service (DoS) checks disabled, and be throttled back (in terms of hosts checked simultaneously and the maximum amount of TCP connections) to reduce the chances of network disruption The assessment will not include the exploitation of vulnerabilities (such as through bufferoverflows) unless the client specifically requests it Wordlist and brute-force attacks will not be performed unless the target service has been confirmed through examination (and by the client) to have no lock-out threshold configured, or similar configuration that could result in network or service disruption Key services such as Microsoft Active Directory and Microsoft SQL databases will not be accessed using compromised accounts without confirmation from the client RandomStorm - Security Assessment Methodology - RSPS01 Version Page 14

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.

Redhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity. Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July

More information

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

Penetration Testing Report. Client: xxxxxx Date: 19 th April 2014

Penetration Testing Report. Client: xxxxxx Date: 19 th April 2014 1. Executive Summary Penetration Testing Report Client: xxxxxx Date: 19 th April 2014 On the 19th of April, a security assessment was carried out on the internal networks of xxxxxx, with the permission

More information

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Five Steps to Improve Internal Network Security. Chattanooga ISSA Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical

More information

Payment Card Industry (PCI) Executive Report 08/04/2014

Payment Card Industry (PCI) Executive Report 08/04/2014 Payment Card Industry (PCI) Executive Report 08/04/2014 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: A.B. Yazamut Company: Qualys

More information

Payment Card Industry (PCI) Penetration Testing Standard

Payment Card Industry (PCI) Penetration Testing Standard Payment Card Industry (PCI) Penetration Testing Standard Issued Date: 14 May 2015 Effective Date: 14 May 2015 Purpose This standard outlines penetration-testing requirements for the university's Payment

More information

What is Penetration Testing?

What is Penetration Testing? White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking

More information

Client logo placeholder XXX REPORT. Page 1 of 37

Client logo placeholder XXX REPORT. Page 1 of 37 Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company

More information

INFORMATION SECURITY TESTING

INFORMATION SECURITY TESTING INFORMATION SECURITY TESTING SERVICE DESCRIPTION Penetration testing identifies potential weaknesses in a technical infrastructure and provides a level of assurance in the security of that infrastructure.

More information

Vinny Hoxha Vinny Hoxha 12/08/2009

Vinny Hoxha Vinny Hoxha 12/08/2009 Ethical Hacking and Penetration Testing Vinny Hoxha Vinny Hoxha 12/08/2009 What is Ethical Hacking? Types of Attacks Testing Approach Vulnerability Assessments vs. Penetration Testing Testing Methodology

More information

Penetration Testing and Vulnerability Scanning

Penetration Testing and Vulnerability Scanning Penetration Testing and Vulnerability Scanning Presented by Steve Spearman VP of HIPAA Compliance Services, Healthicity 20 years in Health Information Technology HIPAA Expert and Speaker Disclaimer: Nothing

More information

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)

More information

by Penetration Testing

by Penetration Testing BackTrack 4: Assuring Security by Penetration Testing Master the art of penetration testing with BackTrack Shakeel Ali Tedi Heriyanto rpafktl Pen I I llv. I\ 1 J community expe PUBLISHING- - BIRMINGHAM

More information

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER A C a s e s t u d y o n h o w Z e n Q h a s h e l p e d a L e a d i n g K - 1 2 E d u c a t i o n & L e a r n i n g S o l u t i o n s P r o v i d e r i n U S g a u g e c a p a c i t y o f t h e i r f l

More information

CONTENTS. PCI DSS Compliance Guide

CONTENTS. PCI DSS Compliance Guide CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not

More information

Andreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.

Andreas Dittrich, Philipp Reinecke Testing of Network and System Security. example. Testing of Network and System Security 1 Testing of Network and System Security Introduction The term security when applied to computer networks conveys a plethora of meanings, ranging from network security

More information

External Network Penetration Test Report

External Network Penetration Test Report External Network Penetration Test Report Jared Doe jared@acmecompany.com C O N F I D E N T I A L P a g e 2 Document Information Assessment Information Assessor Kirit Gupta kirit.gupta@rhinosecuritylabs.com

More information

EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst (ECSA) EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for

More information

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp ECSA/LPT is a security class like no other! Providing real world hands on experience, it is the only in-depth

More information

Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients

Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients Network Test Labs Inc. Head Office 170 422 Richards Street, Vancouver BC, V6B 2Z4 E-mail: info@networktestlabs.com

More information

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 Agenda Introduction PCI DSS 3.0 Changes What Can I Do to Prepare? When Do I Need to be Compliant? Questions

More information

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security

More information

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Security-as-a-Service (Sec-aaS) Framework. Service Introduction Security-as-a-Service (Sec-aaS) Framework Service Introduction Need of Information Security Program In current high-tech environment, we are getting more dependent on information systems. This dependency

More information

Evaluation of Penetration Testing Software. Research

Evaluation of Penetration Testing Software. Research Evaluation of Penetration Testing Software Research Penetration testing is an evaluation of system security by simulating a malicious attack, which, at the most fundamental level, consists of an intellectual

More information

Course Title: Penetration Testing: Security Analysis

Course Title: Penetration Testing: Security Analysis Course Title: Penetration Testing: Security Analysis Page 1 of 9 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base of topics in advanced

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

Vulnerability Assessment Fitting it into your ISMS

Vulnerability Assessment Fitting it into your ISMS RCS Newsletter January 2011 Vulnerability Assessment Fitting it into your Increasing incidents of automated attacks on information systems Automated attacks on information systems, and especially attacks

More information

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance

More information

IT HEALTHCHECK TOP TIPS WHITEPAPER

IT HEALTHCHECK TOP TIPS WHITEPAPER WHITEPAPER PREPARED BY MTI TECHNOLOGY LTD w: mti.com t: 01483 520200 f: 01483 520222 MTI Technology have been specifying and conducting IT Healthcheck s across numerous sectors including commercial, public

More information

Penetration Testing. I.T. Security Specialists. Penetration Testing 1

Penetration Testing. I.T. Security Specialists. Penetration Testing 1 Penetration I.T. Security Specialists ing 1 about us At Caretower, we help businesses to identify vulnerabilities within their security systems and provide an action plan to help prevent security breaches

More information

Payment Card Industry (PCI) Executive Report 10/27/2015

Payment Card Industry (PCI) Executive Report 10/27/2015 Payment Card Industry (PCI) Executive Report 10/27/2015 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: Rural Computer Consultants

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Exploiting Transparent User Identification Systems

Exploiting Transparent User Identification Systems Exploiting Transparent User Identification Systems Wayne Murphy Benjamin Burns Version 1.0a 1 CONTENTS 1.0 Introduction... 3 1.1 Project Objectives... 3 2.0 Brief Summary of Findings... 4 3.0 Background

More information

93% of large organisations and 76% of small businesses

93% of large organisations and 76% of small businesses innersecurity INFORMATION SECURITY Information Security Services 93% of large organisations and 76% of small businesses suffered security breaches in the last year. * Cyber attackers were the main cause.

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Five Steps to Improve Internal Network Security. Chattanooga Information security Professionals

Five Steps to Improve Internal Network Security. Chattanooga Information security Professionals Five Steps to Improve Internal Network Security Chattanooga Information security Professionals Who Am I? Security Analyst: Sword & Shield Blogger: averagesecurityguy.info Developer: github.com/averagesecurityguy

More information

Network Penetration Testing

Network Penetration Testing Network Penetration Testing Happiest People Happiest Customers Contents Abstract...3 Introduction...3 Why Penetration Test?...3 Need for Omni-Channel...3 Types of Penetration Testing...3 External Network

More information

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach

More information

Penetration Testing Services. Demonstrate Real-World Risk

Penetration Testing Services. Demonstrate Real-World Risk Penetration Testing Services Demonstrate Real-World Risk Penetration Testing Services The best way to know how intruders will actually approach your network is to simulate a real-world attack under controlled

More information

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities

More information

Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015 QUESTIONS ANSWERS Q1 What is the goal of testing? A1 We engage in this type of testing to promote our own best practices and ensure our security posture is as it should be. Q2 No of active IP s (internal):

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Presenters: Bruce Upton CISSP, CISA, C EH bruce.upton@protectmybank.com Jerry McClurg CISSP, CISA, C EH jerry.mcclurg@protectmybank.com Agenda and Overview:

More information

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER Vulnerability scanners are indispensable both for vulnerability assessments and penetration tests. One of the first things a tester does when faced with a network is fire up a network scanner or even several

More information

Penetration Testing Workshop

Penetration Testing Workshop Penetration Testing Workshop Who are we? Carter Poe Nathan Ritchey Mahdi Shapouri Fred Araujo Outline Ethical hacking What is penetration testing? Planning Reconnaissance Footprinting Network Endpoint

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

March 2012 www.tufin.com

March 2012 www.tufin.com SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...

More information

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing

IBM Global Technology Services Statement of Work. for. IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing IBM Global Technology Services Statement of Work for IBM Infrastructure Security Services - Penetration Testing - Express Penetration Testing The information in this Statement of Work may not be disclosed

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts)

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Module: 1. Introduction to Ethical Hacking 2. Footprinting a. SAM Spade b. Nslookup c. Nmap d. Traceroute

More information

An Introduction to Network Vulnerability Testing

An Introduction to Network Vulnerability Testing CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability

More information

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015 NEXPOSE ENTERPRISE METASPLOIT PRO Effective Vulnerability Management and validation March 2015 KEY SECURITY CHALLENGES Common Challenges Organizations Experience Key Security Challenges Visibility gaps

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

The Nexpose Expert System

The Nexpose Expert System Technical Paper The Nexpose Expert System Using an Expert System for Deeper Vulnerability Scanning Executive Summary This paper explains how Rapid7 Nexpose uses an expert system to achieve better results

More information

Cybersecurity Foundations

Cybersecurity Foundations Cybersecurity Foundations Course Number: 13198 Category: Technical Applications Duration: 5 Days Overview When you consider just a few of the consequences of a security breach - your proprietary information

More information

RISK IDENTIFY SECURITY RISKS SERVICE CORE

RISK IDENTIFY SECURITY RISKS SERVICE CORE BE FREE BE FREE OF RISK IDENTIFY SECURITY RISKS SERVICE CORE TALK TO OUR EXPERTS 1.877.222.8615 www.bestit.com Copyright 2013 BestIT.com Inc. IDENTIFY SECURITY RISKS Internal Governance Vulnerability Assessment

More information

Penetration Test Report

Penetration Test Report Penetration Test Report MegaCorp One August 10 th, 2013 Offensive Security Services, LLC 19706 One Norman Blvd. Suite B #253 Cornelius, NC 28031 United States of America Tel: 1-402-608-1337 Fax: 1-704-625-3787

More information

Cyber Essentials PLUS. Common Test Specification

Cyber Essentials PLUS. Common Test Specification Cyber Essentials PLUS Common Test Specification Page 1 Version Control Version Date Description Released by 1.0 07/08/14 Initial Common Test Specification release SR Smith 1.1 19/08/14 Updated Scope SR

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

June 2014 WMLUG Meeting Kali Linux

June 2014 WMLUG Meeting Kali Linux June 2014 WMLUG Meeting Kali Linux "the quieter you become, the more you are able to hear" Patrick TenHoopen Kali Linux Kali Linux is a free and open source penetration testing Linux distribution designed

More information

Service Definition (Q-D1) Penetration Testing. Overview of Service. Functional and non-functional Detail. Q-D1: Service Definition

Service Definition (Q-D1) Penetration Testing. Overview of Service. Functional and non-functional Detail. Q-D1: Service Definition Service Definition (Q-D1) Penetration Testing Overview of Service The commissioning of a penetration test or vulnerability assessment is an excellent way to ensure that security technologies and controls

More information

Security and Vulnerability Testing How critical it is?

Security and Vulnerability Testing How critical it is? Security and Vulnerability Testing How critical it is? It begins and ends with your willingness and drive to change the way you perform testing today Security and Vulnerability Testing - Challenges and

More information

Demystifying Penetration Testing

Demystifying Penetration Testing Demystifying Penetration Testing Prepared by Debasis Mohanty www.hackingspirits.com E-Mail: debasis_mty@yahoo.com Goals Of This Presentation An overview of how Vulnerability Assessment (VA) & Penetration

More information

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE: PENETRATION TESTING A SYSTEMATIC APPROACH INTRODUCTION: The basic idea behind writing this article was to put forward a systematic approach that needs to be followed to perform a successful penetration

More information

Hackers are here. Where are you?

Hackers are here. Where are you? 1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.

More information

Anatomy of an ethical penetration test

Anatomy of an ethical penetration test toolsmith Core Impact 6.2: Anatomy of an ethical penetration test By Russ McRee Prerequisites CORE IMPACT is lean and can run on minimal systems with limited resources and requires either Windows 2000

More information

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation... 1. Areas for Improvement... 2 Report No. 13-35 September 27, 2013 Appalachian Regional Commission Table of Contents Results of Evaluation... 1 Areas for Improvement... 2 Area for Improvement 1: The agency should implement ongoing scanning

More information

REDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance

REDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance REDSEAL NETWORKS SOLUTION BRIEF Proactive Network Intelligence Solutions For PCI DSS Compliance Overview PCI DSS has become a global requirement for all entities handling cardholder data. A company processing,

More information

WHITE PAPER. An Introduction to Network- Vulnerability Testing

WHITE PAPER. An Introduction to Network- Vulnerability Testing An Introduction to Network- Vulnerability Testing C ONTENTS + Introduction 3 + Penetration-Testing Overview 3 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and

More information

NETWORK PENETRATION TESTING

NETWORK PENETRATION TESTING Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes

More information

Penetration Testing - a way for improving our cyber security

Penetration Testing - a way for improving our cyber security OWASP EU Tour Bucharest 2013 The OWASP Foundation http://www.owasp.org Penetration Testing - a way for improving our cyber security Adrian Furtunǎ, PhD, OSCP, CEH adif2k8@gmail.com Copyright The OWASP

More information

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Black Box Penetration Testing For GPEN.KM V1.0 Month dd #$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;! Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:

More information

The Queen s Horses, London, May 2009. Application Security From Jerry Scott

The Queen s Horses, London, May 2009. Application Security From Jerry Scott The Queen s Horses, London, May 2009 Application Security From Jerry Scott A company wanted to build a particular application. After consulting with their programmers, they agreed it would take a programmer

More information

(WAPT) Web Application Penetration Testing

(WAPT) Web Application Penetration Testing (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

Kerem Kocaer 2010/04/14

Kerem Kocaer 2010/04/14 Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security

More information

April 11, 2011. (Revision 2)

April 11, 2011. (Revision 2) Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of

More information

LOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION

LOGIIC Remote Access. Final Public Report. June 2015 1 LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION LOGIIC Remote Access June 2015 Final Public Report Document Title LOGIIC Remote Monitoring Project Public Report Version Version 1.0 Primary Author A. McIntyre (SRI) Distribution Category LOGIIC Approved

More information

PCI-DSS Penetration Testing

PCI-DSS Penetration Testing PCI-DSS Penetration Testing Adam Goslin, Co-Founder High Bit Security May 10, 2011 About High Bit Security High Bit helps companies obtain or maintain their PCI compliance (Level 1 through Level 4 compliance)

More information

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning

More information

Is your business prepared for Cyber Risks in 2016

Is your business prepared for Cyber Risks in 2016 Is your business prepared for Cyber Risks in 2016 The 2016 GSS Find out Security with the Assessment Excellus BCBS customers hurt by security breach Hackers Access 80 Mn Medical Records At Anthem Hackers

More information

Service Definition (Q-D1) Vulnerability Scan (LITE Test) Overview of Service. Functional and non-functional Detail. Q-D1: Service Definition

Service Definition (Q-D1) Vulnerability Scan (LITE Test) Overview of Service. Functional and non-functional Detail. Q-D1: Service Definition Service Definition (Q-D1) Vulnerability Scan (LITE Test) Overview of Service The commissioning of a penetration test or vulnerability assessment is an excellent way to ensure that security technologies

More information

Payment Card Industry (PCI) Executive Report. Pukka Software

Payment Card Industry (PCI) Executive Report. Pukka Software Payment Card Industry (PCI) Executive Report For Pukka Software Primary Contact: Brian Ghidinelli none Los Gatos, California United States of America 415.462.5603 Payment Card Industry (PCI) Executive

More information

Using Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)

Using Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4) Using Nessus to Detect Wireless Access Points March 6, 2015 (Revision 4) Table of Contents Introduction... 3 Why Detect Wireless Access Points?... 3 Wireless Scanning for WAPs... 4 Detecting WAPs using

More information

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance

More information

Network Attacks and Defenses

Network Attacks and Defenses Network Attacks and Defenses Tuesday, November 25, 2008 Sources: Skoudis, CounterHack; S&M Chapter 5 (including many images) CS342 Computer Security Department of Computer Science Wellesley College Networks

More information